The following issues were found
drivers/base/firmware_loader/fallback_platform.c
1 issues
Line: 41
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!fw_priv->data)
return -ENOMEM;
memcpy(fw_priv->data, data, size);
fw_priv->size = size;
fw_state_done(fw_priv);
return 0;
}
Reported by FlawFinder.
drivers/block/zram/zram_drv.h
1 issues
Line: 111
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* we can store in a disk.
*/
u64 disksize; /* bytes */
char compressor[CRYPTO_MAX_ALG_NAME];
/*
* zram is claimed so open request will be failed
*/
bool claim; /* Protected by disk->open_mutex */
#ifdef CONFIG_ZRAM_WRITEBACK
Reported by FlawFinder.
drivers/gpu/drm/amd/pm/powerplay/smumgr/smu7_smumgr.c
1 issues
Line: 153
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int smu7_program_jump_on_start(struct pp_hwmgr *hwmgr)
{
static const unsigned char data[4] = { 0xE0, 0x00, 0x80, 0x40 };
smu7_copy_bytes_to_smc(hwmgr, 0x0, data, 4, sizeof(data)+1);
return 0;
}
Reported by FlawFinder.
drivers/base/component.c
1 issues
Line: 317
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
if (match->compare) {
memcpy(new, match->compare, sizeof(*new) *
min(match->num, num));
kfree(match->compare);
}
match->compare = new;
match->alloc = num;
Reported by FlawFinder.
drivers/base/cacheinfo.c
1 issues
Line: 44
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* OF properties to query for a given cache type */
struct cache_type_info {
const char *size_prop;
const char *line_size_props[2];
const char *nr_sets_prop;
};
static const struct cache_type_info cache_type_info[] = {
{
Reported by FlawFinder.
drivers/bluetooth/btmrvl_main.c
1 issues
Line: 575
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf[0] = MRVL_VENDOR_PKT;
buf[1] = sizeof(bdaddr_t);
memcpy(buf + 2, bdaddr, sizeof(bdaddr_t));
skb = __hci_cmd_sync(hdev, BT_CMD_SET_BDADDR, sizeof(buf), buf,
HCI_INIT_TIMEOUT);
if (IS_ERR(skb)) {
ret = PTR_ERR(skb);
Reported by FlawFinder.
drivers/base/auxiliary.c
1 issues
Line: 32
Column: 7
CWE codes:
126
match_size = p - dev_name(&auxdev->dev);
/* use dev_name(&auxdev->dev) prefix before last '.' char to match to */
if (strlen(id->name) == match_size &&
!strncmp(dev_name(&auxdev->dev), id->name, match_size))
return id;
}
return NULL;
}
Reported by FlawFinder.
drivers/bluetooth/btmtksdio.c
1 issues
Line: 190
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hdr->op = wmt_params->op;
hdr->dlen = cpu_to_le16(wmt_params->dlen + 1);
hdr->flag = wmt_params->flag;
memcpy(wc.data, wmt_params->data, wmt_params->dlen);
set_bit(BTMTKSDIO_TX_WAIT_VND_EVT, &bdev->tx_state);
err = __hci_cmd_send(hdev, 0xfc6f, hlen, &wc);
if (err < 0) {
Reported by FlawFinder.
drivers/bluetooth/btqca.h
1 issues
Line: 89
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct qca_fw_config {
u8 type;
char fwname[64];
uint8_t user_baud_rate;
enum qca_tlv_dnld_mode dnld_mode;
enum qca_tlv_dnld_mode dnld_type;
};
Reported by FlawFinder.
drivers/bluetooth/btrsi.c
1 issues
Line: 101
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!skb)
return -ENOMEM;
memcpy(skb->data, pkt + RSI_FRAME_DESC_SIZE, pkt_len);
skb_put(skb, pkt_len);
h_adapter->hdev->stat.byte_rx += skb->len;
hci_skb_pkt_type(skb) = pkt[14];
Reported by FlawFinder.